@simplewebauthn/browser 10.0.0 → 11.0.0-alpha3

package/script/helpers/identifyRegistrationError.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identifyRegistrationError.d.ts","sourceRoot":"","sources":["../../src/helpers/identifyRegistrationError.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,EACxC,KAAK,EACL,OAAO,GACR,EAAE;IACD,KAAK,EAAE,KAAK,CAAC;IACb,OAAO,EAAE,yBAAyB,CAAC;CACpC,GAAG,aAAa,GAAG,KAAK,CA4HxB"}

package/script/helpers/identifyRegistrationError.js

@@ -0,0 +1,129 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.identifyRegistrationError = identifyRegistrationError;
+const isValidDomain_js_1 = require("./isValidDomain.js");
+const webAuthnError_js_1 = require("./webAuthnError.js");
+/**
+ * Attempt to intuit _why_ an error was raised after calling `navigator.credentials.create()`
+ */
+function identifyRegistrationError({ error, options, }) {
+    const { publicKey } = options;
+    if (!publicKey) {
+        throw Error('options was missing required publicKey property');
+    }
+    if (error.name === 'AbortError') {
+        if (options.signal instanceof AbortSignal) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 16)
+            return new webAuthnError_js_1.WebAuthnError({
+                message: 'Registration ceremony was sent an abort signal',
+                code: 'ERROR_CEREMONY_ABORTED',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'ConstraintError') {
+        if (publicKey.authenticatorSelection?.requireResidentKey === true) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 4)
+            return new webAuthnError_js_1.WebAuthnError({
+                message: 'Discoverable credentials were required but no available authenticator supported it',
+                code: 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT',
+                cause: error,
+            });
+        }
+        else if (
+        // @ts-ignore: `mediation` doesn't yet exist on CredentialCreationOptions but it's possible as of Sept 2024
+        options.mediation === 'conditional' &&
+            publicKey.authenticatorSelection?.userVerification === 'required') {
+            // https://w3c.github.io/webauthn/#sctn-createCredential (Step 22.4)
+            return new webAuthnError_js_1.WebAuthnError({
+                message: 'User verification was required during automatic registration but it could not be performed',
+                code: 'ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE',
+                cause: error,
+            });
+        }
+        else if (publicKey.authenticatorSelection?.userVerification === 'required') {
+            // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 5)
+            return new webAuthnError_js_1.WebAuthnError({
+                message: 'User verification was required but no available authenticator supported it',
+                code: 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'InvalidStateError') {
+        // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 20)
+        // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 3)
+        return new webAuthnError_js_1.WebAuthnError({
+            message: 'The authenticator was previously registered',
+            code: 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED',
+            cause: error,
+        });
+    }
+    else if (error.name === 'NotAllowedError') {
+        /**
+         * Pass the error directly through. Platforms are overloading this error beyond what the spec
+         * defines and we don't want to overwrite potentially useful error messages.
+         */
+        return new webAuthnError_js_1.WebAuthnError({
+            message: error.message,
+            code: 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY',
+            cause: error,
+        });
+    }
+    else if (error.name === 'NotSupportedError') {
+        const validPubKeyCredParams = publicKey.pubKeyCredParams.filter((param) => param.type === 'public-key');
+        if (validPubKeyCredParams.length === 0) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 10)
+            return new webAuthnError_js_1.WebAuthnError({
+                message: 'No entry in pubKeyCredParams was of type "public-key"',
+                code: 'ERROR_MALFORMED_PUBKEYCREDPARAMS',
+                cause: error,
+            });
+        }
+        // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 2)
+        return new webAuthnError_js_1.WebAuthnError({
+            message: 'No available authenticator supported any of the specified pubKeyCredParams algorithms',
+            code: 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG',
+            cause: error,
+        });
+    }
+    else if (error.name === 'SecurityError') {
+        const effectiveDomain = globalThis.location.hostname;
+        if (!(0, isValidDomain_js_1.isValidDomain)(effectiveDomain)) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 7)
+            return new webAuthnError_js_1.WebAuthnError({
+                message: `${globalThis.location.hostname} is an invalid domain`,
+                code: 'ERROR_INVALID_DOMAIN',
+                cause: error,
+            });
+        }
+        else if (publicKey.rp.id !== effectiveDomain) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 8)
+            return new webAuthnError_js_1.WebAuthnError({
+                message: `The RP ID "${publicKey.rp.id}" is invalid for this domain`,
+                code: 'ERROR_INVALID_RP_ID',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'TypeError') {
+        if (publicKey.user.id.byteLength < 1 || publicKey.user.id.byteLength > 64) {
+            // https://www.w3.org/TR/webauthn-2/#sctn-createCredential (Step 5)
+            return new webAuthnError_js_1.WebAuthnError({
+                message: 'User ID was not between 1 and 64 characters',
+                code: 'ERROR_INVALID_USER_ID_LENGTH',
+                cause: error,
+            });
+        }
+    }
+    else if (error.name === 'UnknownError') {
+        // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 1)
+        // https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred (Step 8)
+        return new webAuthnError_js_1.WebAuthnError({
+            message: 'The authenticator was unable to process the specified options, or could not create a new credential',
+            code: 'ERROR_AUTHENTICATOR_GENERAL_ERROR',
+            cause: error,
+        });
+    }
+    return error;
+}

package/script/helpers/isValidDomain.d.ts

@@ -0,0 +1,10 @@
+/**
+ * A simple test to determine if a hostname is a properly-formatted domain name
+ *
+ * A "valid domain" is defined here: https://url.spec.whatwg.org/#valid-domain
+ *
+ * Regex sourced from here:
+ * https://www.oreilly.com/library/view/regular-expressions-cookbook/9781449327453/ch08s15.html
+ */
+export declare function isValidDomain(hostname: string): boolean;
+//# sourceMappingURL=isValidDomain.d.ts.map

package/script/helpers/isValidDomain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"isValidDomain.d.ts","sourceRoot":"","sources":["../../src/helpers/isValidDomain.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAMvD"}

package/script/helpers/isValidDomain.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isValidDomain = isValidDomain;
+/**
+ * A simple test to determine if a hostname is a properly-formatted domain name
+ *
+ * A "valid domain" is defined here: https://url.spec.whatwg.org/#valid-domain
+ *
+ * Regex sourced from here:
+ * https://www.oreilly.com/library/view/regular-expressions-cookbook/9781449327453/ch08s15.html
+ */
+function isValidDomain(hostname) {
+    return (
+    // Consider localhost valid as well since it's okay wrt Secure Contexts
+    hostname === 'localhost' ||
+        /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i.test(hostname));
+}

package/script/helpers/platformAuthenticatorIsAvailable.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Determine whether the browser can communicate with a built-in authenticator, like
+ * Touch ID, Android fingerprint scanner, or Windows Hello.
+ *
+ * This method will _not_ be able to tell you the name of the platform authenticator.
+ */
+export declare function platformAuthenticatorIsAvailable(): Promise<boolean>;
+//# sourceMappingURL=platformAuthenticatorIsAvailable.d.ts.map

package/script/helpers/platformAuthenticatorIsAvailable.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"platformAuthenticatorIsAvailable.d.ts","sourceRoot":"","sources":["../../src/helpers/platformAuthenticatorIsAvailable.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,wBAAgB,gCAAgC,IAAI,OAAO,CAAC,OAAO,CAAC,CAMnE"}

package/script/helpers/platformAuthenticatorIsAvailable.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.platformAuthenticatorIsAvailable = platformAuthenticatorIsAvailable;
+const browserSupportsWebAuthn_js_1 = require("./browserSupportsWebAuthn.js");
+/**
+ * Determine whether the browser can communicate with a built-in authenticator, like
+ * Touch ID, Android fingerprint scanner, or Windows Hello.
+ *
+ * This method will _not_ be able to tell you the name of the platform authenticator.
+ */
+function platformAuthenticatorIsAvailable() {
+    if (!(0, browserSupportsWebAuthn_js_1.browserSupportsWebAuthn)()) {
+        return new Promise((resolve) => resolve(false));
+    }
+    return PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable();
+}

package/script/helpers/toAuthenticatorAttachment.d.ts

@@ -0,0 +1,6 @@
+import { AuthenticatorAttachment } from '@simplewebauthn/types';
+/**
+ * If possible coerce a `string` value into a known `AuthenticatorAttachment`
+ */
+export declare function toAuthenticatorAttachment(attachment: string | null): AuthenticatorAttachment | undefined;
+//# sourceMappingURL=toAuthenticatorAttachment.d.ts.map

package/script/helpers/toAuthenticatorAttachment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"toAuthenticatorAttachment.d.ts","sourceRoot":"","sources":["../../src/helpers/toAuthenticatorAttachment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAIhE;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,UAAU,EAAE,MAAM,GAAG,IAAI,GACxB,uBAAuB,GAAG,SAAS,CAUrC"}

package/script/helpers/toAuthenticatorAttachment.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.toAuthenticatorAttachment = toAuthenticatorAttachment;
+const attachments = ['cross-platform', 'platform'];
+/**
+ * If possible coerce a `string` value into a known `AuthenticatorAttachment`
+ */
+function toAuthenticatorAttachment(attachment) {
+    if (!attachment) {
+        return;
+    }
+    if (attachments.indexOf(attachment) < 0) {
+        return;
+    }
+    return attachment;
+}

package/script/helpers/toPublicKeyCredentialDescriptor.d.ts

@@ -0,0 +1,3 @@
+import type { PublicKeyCredentialDescriptor, PublicKeyCredentialDescriptorJSON } from '@simplewebauthn/types';
+export declare function toPublicKeyCredentialDescriptor(descriptor: PublicKeyCredentialDescriptorJSON): PublicKeyCredentialDescriptor;
+//# sourceMappingURL=toPublicKeyCredentialDescriptor.d.ts.map

package/script/helpers/toPublicKeyCredentialDescriptor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"toPublicKeyCredentialDescriptor.d.ts","sourceRoot":"","sources":["../../src/helpers/toPublicKeyCredentialDescriptor.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,6BAA6B,EAC7B,iCAAiC,EAClC,MAAM,uBAAuB,CAAC;AAI/B,wBAAgB,+BAA+B,CAC7C,UAAU,EAAE,iCAAiC,GAC5C,6BAA6B,CAa/B"}

package/script/helpers/toPublicKeyCredentialDescriptor.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.toPublicKeyCredentialDescriptor = toPublicKeyCredentialDescriptor;
+const base64URLStringToBuffer_js_1 = require("./base64URLStringToBuffer.js");
+function toPublicKeyCredentialDescriptor(descriptor) {
+    const { id } = descriptor;
+    return {
+        ...descriptor,
+        id: (0, base64URLStringToBuffer_js_1.base64URLStringToBuffer)(id),
+        /**
+         * `descriptor.transports` is an array of our `AuthenticatorTransportFuture` that includes newer
+         * transports that TypeScript's DOM lib is ignorant of. Convince TS that our list of transports
+         * are fine to pass to WebAuthn since browsers will recognize the new value.
+         */
+        transports: descriptor.transports,
+    };
+}

package/script/helpers/webAuthnAbortService.d.ts

@@ -0,0 +1,14 @@
+interface WebAuthnAbortService {
+    createNewAbortSignal(): AbortSignal;
+    cancelCeremony(): void;
+}
+/**
+ * A service singleton to help ensure that only a single WebAuthn ceremony is active at a time.
+ *
+ * Users of **@simplewebauthn/browser** shouldn't typically need to use this, but it can help e.g.
+ * developers building projects that use client-side routing to better control the behavior of
+ * their UX in response to router navigation events.
+ */
+export declare const WebAuthnAbortService: WebAuthnAbortService;
+export {};
+//# sourceMappingURL=webAuthnAbortService.d.ts.map

package/script/helpers/webAuthnAbortService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webAuthnAbortService.d.ts","sourceRoot":"","sources":["../../src/helpers/webAuthnAbortService.ts"],"names":[],"mappings":"AAAA,UAAU,oBAAoB;IAC5B,oBAAoB,IAAI,WAAW,CAAC;IACpC,cAAc,IAAI,IAAI,CAAC;CACxB;AA0CD;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,EAAE,oBAAqD,CAAC"}

package/script/helpers/webAuthnAbortService.js

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WebAuthnAbortService = void 0;
+class BaseWebAuthnAbortService {
+    constructor() {
+        Object.defineProperty(this, "controller", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+    }
+    /**
+     * Prepare an abort signal that will help support multiple auth attempts without needing to
+     * reload the page. This is automatically called whenever `startRegistration()` and
+     * `startAuthentication()` are called.
+     */
+    createNewAbortSignal() {
+        // Abort any existing calls to navigator.credentials.create() or navigator.credentials.get()
+        if (this.controller) {
+            const abortError = new Error('Cancelling existing WebAuthn API call for new one');
+            abortError.name = 'AbortError';
+            this.controller.abort(abortError);
+        }
+        const newController = new AbortController();
+        this.controller = newController;
+        return newController.signal;
+    }
+    /**
+     * Manually cancel any active WebAuthn registration or authentication attempt.
+     */
+    cancelCeremony() {
+        if (this.controller) {
+            const abortError = new Error('Manually cancelling existing WebAuthn API call');
+            abortError.name = 'AbortError';
+            this.controller.abort(abortError);
+            this.controller = undefined;
+        }
+    }
+}
+/**
+ * A service singleton to help ensure that only a single WebAuthn ceremony is active at a time.
+ *
+ * Users of **@simplewebauthn/browser** shouldn't typically need to use this, but it can help e.g.
+ * developers building projects that use client-side routing to better control the behavior of
+ * their UX in response to router navigation events.
+ */
+exports.WebAuthnAbortService = new BaseWebAuthnAbortService();

package/script/helpers/webAuthnError.d.ts

@@ -0,0 +1,28 @@
+/**
+ * A custom Error used to return a more nuanced error detailing _why_ one of the eight documented
+ * errors in the spec was raised after calling `navigator.credentials.create()` or
+ * `navigator.credentials.get()`:
+ *
+ * - `AbortError`
+ * - `ConstraintError`
+ * - `InvalidStateError`
+ * - `NotAllowedError`
+ * - `NotSupportedError`
+ * - `SecurityError`
+ * - `TypeError`
+ * - `UnknownError`
+ *
+ * Error messages were determined through investigation of the spec to determine under which
+ * scenarios a given error would be raised.
+ */
+export declare class WebAuthnError extends Error {
+    code: WebAuthnErrorCode;
+    constructor({ message, code, cause, name, }: {
+        message: string;
+        code: WebAuthnErrorCode;
+        cause: Error;
+        name?: string;
+    });
+}
+export type WebAuthnErrorCode = 'ERROR_CEREMONY_ABORTED' | 'ERROR_INVALID_DOMAIN' | 'ERROR_INVALID_RP_ID' | 'ERROR_INVALID_USER_ID_LENGTH' | 'ERROR_MALFORMED_PUBKEYCREDPARAMS' | 'ERROR_AUTHENTICATOR_GENERAL_ERROR' | 'ERROR_AUTHENTICATOR_MISSING_DISCOVERABLE_CREDENTIAL_SUPPORT' | 'ERROR_AUTHENTICATOR_MISSING_USER_VERIFICATION_SUPPORT' | 'ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED' | 'ERROR_AUTHENTICATOR_NO_SUPPORTED_PUBKEYCREDPARAMS_ALG' | 'ERROR_AUTO_REGISTER_USER_VERIFICATION_FAILURE' | 'ERROR_PASSTHROUGH_SEE_CAUSE_PROPERTY';
+//# sourceMappingURL=webAuthnError.d.ts.map

package/script/helpers/webAuthnError.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webAuthnError.d.ts","sourceRoot":"","sources":["../../src/helpers/webAuthnError.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,aAAc,SAAQ,KAAK;IACtC,IAAI,EAAE,iBAAiB,CAAC;gBAEZ,EACV,OAAO,EACP,IAAI,EACJ,KAAK,EACL,IAAI,GACL,EAAE;QACD,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,iBAAiB,CAAC;QACxB,KAAK,EAAE,KAAK,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;KACf;CAMF;AAED,MAAM,MAAM,iBAAiB,GACzB,wBAAwB,GACxB,sBAAsB,GACtB,qBAAqB,GACrB,8BAA8B,GAC9B,kCAAkC,GAClC,mCAAmC,GACnC,6DAA6D,GAC7D,uDAAuD,GACvD,2CAA2C,GAC3C,uDAAuD,GACvD,+CAA+C,GAC/C,sCAAsC,CAAC"}

package/script/helpers/webAuthnError.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WebAuthnError = void 0;
+/**
+ * A custom Error used to return a more nuanced error detailing _why_ one of the eight documented
+ * errors in the spec was raised after calling `navigator.credentials.create()` or
+ * `navigator.credentials.get()`:
+ *
+ * - `AbortError`
+ * - `ConstraintError`
+ * - `InvalidStateError`
+ * - `NotAllowedError`
+ * - `NotSupportedError`
+ * - `SecurityError`
+ * - `TypeError`
+ * - `UnknownError`
+ *
+ * Error messages were determined through investigation of the spec to determine under which
+ * scenarios a given error would be raised.
+ */
+class WebAuthnError extends Error {
+    constructor({ message, code, cause, name, }) {
+        // @ts-ignore: help Rollup understand that `cause` is okay to set
+        super(message, { cause });
+        Object.defineProperty(this, "code", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        this.name = name ?? cause.name;
+        this.code = code;
+    }
+}
+exports.WebAuthnError = WebAuthnError;

package/script/index.d.ts

@@ -0,0 +1,16 @@
+/**
+ * @packageDocumentation
+ * @module @simplewebauthn/browser
+ */
+import { startRegistration } from './methods/startRegistration.js';
+import { startAuthentication } from './methods/startAuthentication.js';
+import { browserSupportsWebAuthn } from './helpers/browserSupportsWebAuthn.js';
+import { platformAuthenticatorIsAvailable } from './helpers/platformAuthenticatorIsAvailable.js';
+import { browserSupportsWebAuthnAutofill } from './helpers/browserSupportsWebAuthnAutofill.js';
+import { base64URLStringToBuffer } from './helpers/base64URLStringToBuffer.js';
+import { bufferToBase64URLString } from './helpers/bufferToBase64URLString.js';
+import { WebAuthnAbortService } from './helpers/webAuthnAbortService.js';
+import { WebAuthnError } from './helpers/webAuthnError.js';
+export { base64URLStringToBuffer, browserSupportsWebAuthn, browserSupportsWebAuthnAutofill, bufferToBase64URLString, platformAuthenticatorIsAvailable, startAuthentication, startRegistration, WebAuthnAbortService, WebAuthnError, };
+export type { WebAuthnErrorCode } from './helpers/webAuthnError.js';
+//# sourceMappingURL=index.d.ts.map

package/script/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAC/E,OAAO,EAAE,gCAAgC,EAAE,MAAM,+CAA+C,CAAC;AACjG,OAAO,EAAE,+BAA+B,EAAE,MAAM,8CAA8C,CAAC;AAC/F,OAAO,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAC/E,OAAO,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAE3D,OAAO,EACL,uBAAuB,EACvB,uBAAuB,EACvB,+BAA+B,EAC/B,uBAAuB,EACvB,gCAAgC,EAChC,mBAAmB,EACnB,iBAAiB,EACjB,oBAAoB,EACpB,aAAa,GACd,CAAC;AAEF,YAAY,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC"}

package/script/index.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WebAuthnError = exports.WebAuthnAbortService = exports.startRegistration = exports.startAuthentication = exports.platformAuthenticatorIsAvailable = exports.bufferToBase64URLString = exports.browserSupportsWebAuthnAutofill = exports.browserSupportsWebAuthn = exports.base64URLStringToBuffer = void 0;
+/**
+ * @packageDocumentation
+ * @module @simplewebauthn/browser
+ */
+const startRegistration_js_1 = require("./methods/startRegistration.js");
+Object.defineProperty(exports, "startRegistration", { enumerable: true, get: function () { return startRegistration_js_1.startRegistration; } });
+const startAuthentication_js_1 = require("./methods/startAuthentication.js");
+Object.defineProperty(exports, "startAuthentication", { enumerable: true, get: function () { return startAuthentication_js_1.startAuthentication; } });
+const browserSupportsWebAuthn_js_1 = require("./helpers/browserSupportsWebAuthn.js");
+Object.defineProperty(exports, "browserSupportsWebAuthn", { enumerable: true, get: function () { return browserSupportsWebAuthn_js_1.browserSupportsWebAuthn; } });
+const platformAuthenticatorIsAvailable_js_1 = require("./helpers/platformAuthenticatorIsAvailable.js");
+Object.defineProperty(exports, "platformAuthenticatorIsAvailable", { enumerable: true, get: function () { return platformAuthenticatorIsAvailable_js_1.platformAuthenticatorIsAvailable; } });
+const browserSupportsWebAuthnAutofill_js_1 = require("./helpers/browserSupportsWebAuthnAutofill.js");
+Object.defineProperty(exports, "browserSupportsWebAuthnAutofill", { enumerable: true, get: function () { return browserSupportsWebAuthnAutofill_js_1.browserSupportsWebAuthnAutofill; } });
+const base64URLStringToBuffer_js_1 = require("./helpers/base64URLStringToBuffer.js");
+Object.defineProperty(exports, "base64URLStringToBuffer", { enumerable: true, get: function () { return base64URLStringToBuffer_js_1.base64URLStringToBuffer; } });
+const bufferToBase64URLString_js_1 = require("./helpers/bufferToBase64URLString.js");
+Object.defineProperty(exports, "bufferToBase64URLString", { enumerable: true, get: function () { return bufferToBase64URLString_js_1.bufferToBase64URLString; } });
+const webAuthnAbortService_js_1 = require("./helpers/webAuthnAbortService.js");
+Object.defineProperty(exports, "WebAuthnAbortService", { enumerable: true, get: function () { return webAuthnAbortService_js_1.WebAuthnAbortService; } });
+const webAuthnError_js_1 = require("./helpers/webAuthnError.js");
+Object.defineProperty(exports, "WebAuthnError", { enumerable: true, get: function () { return webAuthnError_js_1.WebAuthnError; } });

package/script/methods/startAuthentication.d.ts

@@ -0,0 +1,15 @@
+import { AuthenticationResponseJSON, PublicKeyCredentialRequestOptionsJSON } from '@simplewebauthn/types';
+export type StartAuthenticationOpts = {
+    optionsJSON: PublicKeyCredentialRequestOptionsJSON;
+    useBrowserAutofill?: boolean;
+    verifyBrowserAutofillInput?: boolean;
+};
+/**
+ * Begin authenticator "login" via WebAuthn assertion
+ *
+ * @param optionsJSON Output from **@simplewebauthn/server**'s `generateAuthenticationOptions()`
+ * @param useBrowserAutofill (Optional) Initialize conditional UI to enable logging in via browser autofill prompts. Defaults to `false`.
+ * @param verifyBrowserAutofillInput (Optional) Ensure a suitable `<input>` element is present when `useBrowserAutofill` is `true`. Defaults to `true`.
+ */
+export declare function startAuthentication(options: StartAuthenticationOpts): Promise<AuthenticationResponseJSON>;
+//# sourceMappingURL=startAuthentication.d.ts.map

package/script/methods/startAuthentication.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"startAuthentication.d.ts","sourceRoot":"","sources":["../../src/methods/startAuthentication.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,0BAA0B,EAC1B,qCAAqC,EACtC,MAAM,uBAAuB,CAAC;AAW/B,MAAM,MAAM,uBAAuB,GAAG;IACpC,WAAW,EAAE,qCAAqC,CAAC;IACnD,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,0BAA0B,CAAC,EAAE,OAAO,CAAC;CACtC,CAAC;AAEF;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,uBAAuB,GAC/B,OAAO,CAAC,0BAA0B,CAAC,CAkGrC"}

package/script/methods/startAuthentication.js

@@ -0,0 +1,92 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startAuthentication = startAuthentication;
+const bufferToBase64URLString_js_1 = require("../helpers/bufferToBase64URLString.js");
+const base64URLStringToBuffer_js_1 = require("../helpers/base64URLStringToBuffer.js");
+const browserSupportsWebAuthn_js_1 = require("../helpers/browserSupportsWebAuthn.js");
+const browserSupportsWebAuthnAutofill_js_1 = require("../helpers/browserSupportsWebAuthnAutofill.js");
+const toPublicKeyCredentialDescriptor_js_1 = require("../helpers/toPublicKeyCredentialDescriptor.js");
+const identifyAuthenticationError_js_1 = require("../helpers/identifyAuthenticationError.js");
+const webAuthnAbortService_js_1 = require("../helpers/webAuthnAbortService.js");
+const toAuthenticatorAttachment_js_1 = require("../helpers/toAuthenticatorAttachment.js");
+/**
+ * Begin authenticator "login" via WebAuthn assertion
+ *
+ * @param optionsJSON Output from **@simplewebauthn/server**'s `generateAuthenticationOptions()`
+ * @param useBrowserAutofill (Optional) Initialize conditional UI to enable logging in via browser autofill prompts. Defaults to `false`.
+ * @param verifyBrowserAutofillInput (Optional) Ensure a suitable `<input>` element is present when `useBrowserAutofill` is `true`. Defaults to `true`.
+ */
+async function startAuthentication(options) {
+    const { optionsJSON, useBrowserAutofill = false, verifyBrowserAutofillInput = true, } = options;
+    if (!(0, browserSupportsWebAuthn_js_1.browserSupportsWebAuthn)()) {
+        throw new Error('WebAuthn is not supported in this browser');
+    }
+    // We need to avoid passing empty array to avoid blocking retrieval
+    // of public key
+    let allowCredentials;
+    if (optionsJSON.allowCredentials?.length !== 0) {
+        allowCredentials = optionsJSON.allowCredentials?.map(toPublicKeyCredentialDescriptor_js_1.toPublicKeyCredentialDescriptor);
+    }
+    // We need to convert some values to Uint8Arrays before passing the credentials to the navigator
+    const publicKey = {
+        ...optionsJSON,
+        challenge: (0, base64URLStringToBuffer_js_1.base64URLStringToBuffer)(optionsJSON.challenge),
+        allowCredentials,
+    };
+    // Prepare options for `.get()`
+    const getOptions = {};
+    /**
+     * Set up the page to prompt the user to select a credential for authentication via the browser's
+     * input autofill mechanism.
+     */
+    if (useBrowserAutofill) {
+        if (!(await (0, browserSupportsWebAuthnAutofill_js_1.browserSupportsWebAuthnAutofill)())) {
+            throw Error('Browser does not support WebAuthn autofill');
+        }
+        // Check for an <input> with "webauthn" in its `autocomplete` attribute
+        const eligibleInputs = document.querySelectorAll("input[autocomplete$='webauthn']");
+        // WebAuthn autofill requires at least one valid input
+        if (eligibleInputs.length < 1 && verifyBrowserAutofillInput) {
+            throw Error('No <input> with "webauthn" as the only or last value in its `autocomplete` attribute was detected');
+        }
+        // `CredentialMediationRequirement` doesn't know about "conditional" yet as of
+        // typescript@4.6.3
+        getOptions.mediation = 'conditional';
+        // Conditional UI requires an empty allow list
+        publicKey.allowCredentials = [];
+    }
+    // Finalize options
+    getOptions.publicKey = publicKey;
+    // Set up the ability to cancel this request if the user attempts another
+    getOptions.signal = webAuthnAbortService_js_1.WebAuthnAbortService.createNewAbortSignal();
+    // Wait for the user to complete assertion
+    let credential;
+    try {
+        credential = (await navigator.credentials.get(getOptions));
+    }
+    catch (err) {
+        throw (0, identifyAuthenticationError_js_1.identifyAuthenticationError)({ error: err, options: getOptions });
+    }
+    if (!credential) {
+        throw new Error('Authentication was not completed');
+    }
+    const { id, rawId, response, type } = credential;
+    let userHandle = undefined;
+    if (response.userHandle) {
+        userHandle = (0, bufferToBase64URLString_js_1.bufferToBase64URLString)(response.userHandle);
+    }
+    // Convert values to base64 to make it easier to send back to the server
+    return {
+        id,
+        rawId: (0, bufferToBase64URLString_js_1.bufferToBase64URLString)(rawId),
+        response: {
+            authenticatorData: (0, bufferToBase64URLString_js_1.bufferToBase64URLString)(response.authenticatorData),
+            clientDataJSON: (0, bufferToBase64URLString_js_1.bufferToBase64URLString)(response.clientDataJSON),
+            signature: (0, bufferToBase64URLString_js_1.bufferToBase64URLString)(response.signature),
+            userHandle,
+        },
+        type,
+        clientExtensionResults: credential.getClientExtensionResults(),
+        authenticatorAttachment: (0, toAuthenticatorAttachment_js_1.toAuthenticatorAttachment)(credential.authenticatorAttachment),
+    };
+}

package/script/methods/startRegistration.d.ts

@@ -0,0 +1,13 @@
+import { PublicKeyCredentialCreationOptionsJSON, RegistrationResponseJSON } from '@simplewebauthn/types';
+export type StartRegistrationOpts = {
+    optionsJSON: PublicKeyCredentialCreationOptionsJSON;
+    useAutoRegister?: boolean;
+};
+/**
+ * Begin authenticator "registration" via WebAuthn attestation
+ *
+ * @param optionsJSON Output from **@simplewebauthn/server**'s `generateRegistrationOptions()`
+ * @param useAutoRegister (Optional) Try to silently create a passkey with the password manager that the user just signed in with. Defaults to `false`.
+ */
+export declare function startRegistration(options: StartRegistrationOpts): Promise<RegistrationResponseJSON>;
+//# sourceMappingURL=startRegistration.d.ts.map

package/script/methods/startRegistration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"startRegistration.d.ts","sourceRoot":"","sources":["../../src/methods/startRegistration.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,sCAAsC,EAEtC,wBAAwB,EACzB,MAAM,uBAAuB,CAAC;AAU/B,MAAM,MAAM,qBAAqB,GAAG;IAClC,WAAW,EAAE,sCAAsC,CAAC;IACpD,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,CAAC;AAEF;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,qBAAqB,GAC7B,OAAO,CAAC,wBAAwB,CAAC,CA6GnC"}